<?php

class db_model_user extends CI_Model
{
    function register($user, $pass, $email)
    {
        $this->load->database();

        $query = $this->db->query('insert into users (username , email , password) values ("' . $user . '" , "' . $email . '" , "' . $pass . '" ) ;');

        if($query)
        {
            mail($email , "neLo Registration" , "You have registered with the following data :\n   user :" . $user . "\n password : " . $pass . "\n . " );
        }
        else
        {
            echo "register fail";
        }
    }

    function check_username($username)
    {
        $this->load->database();

        $nameQuery = $this->db->query('select * from users where username=\'' . $username . '\' LIMIT 1;');

        if($nameQuery->num_rows() > 0)
        {
            return true;
        }

        return false;
    }

    function check_email($email)
    {
        $this->load->database();

        $mailQuery = $this->db->query('select * from users where email=\'' . $email . '\' LIMIT 1;');

        if($mailQuery->num_rows() > 0)
        {
            return true;
        }

        return false;
    }

    function login($username, $password)
    {
        $this->load->database();

        $this->load->library('session');

        $this->mysql_injection($username, $password);

        $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";

        $result=mysql_query($sql);

        $query = $this->db->query('select * from users where username=\'' . $username . '\' AND password=\'' . $password . '\' LIMIT 1;');

        if($query->num_rows() > 0)
        {
            $row = $query->result_array();

            $row = $row[0];

            $this->session->set_userdata(array(
                'id' => $row['id'],
                'username' => $row['username'],
                'email' => $row['email'],
                'logged' => true
            ));

            return $row;
        }
    }

    function mysql_injection($username, $password)
    {
        $username = stripslashes($username);
        $password = stripslashes($password);
        $username = mysql_real_escape_string($password);
        $password = mysql_real_escape_string($password);
    }
}